The Codeflare-operator has security vulnerabilities

[jbusche]

The operator is made up of two containers:

1. gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
2. quay.io/project-codeflare/codeflare-operator:0.0.1

The first has 26 fixes, mainly in Go
The second has 4 fixes in Go

I think I can fix these with a PR - will try.

[anishasthana]

Sounds good! One avenue we could maybe investigate -- using the openshift oauth proxy container instead of the gcr kube-rbac-proxy container. I guess a good initial starting point would be to update to using a newer version of the rbac proxy container.

[jbusche]

Right - I was going to see if there's a newer one... Will update here... thanks!

[jbusche]

OK - latest image to scan is:

quay.io/project-codeflare/codeflare-operator:v0.0.3

[astefanutti]

@jbusche would you know if that's been done already and can be closed?